Ticket #21081: 21081.2.diff
File 21081.2.diff, 1.4 KB (added by , 12 years ago) |
---|
-
wp-admin/includes/user.php
function edit_user( $user_id = 0 ) { 69 69 $user->user_url = ''; 70 70 } else { 71 71 $user->user_url = esc_url_raw( $_POST['url'] ); 72 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 72 $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); 73 $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 73 74 } 74 75 } 75 76 if ( isset( $_POST['first_name'] ) ) -
wp-includes/functions.php
function wp_allowed_protocols() { 3508 3508 static $protocols; 3509 3509 3510 3510 if ( empty( $protocols ) ) { 3511 $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' );3511 $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax' ); 3512 3512 $protocols = apply_filters( 'kses_allowed_protocols', $protocols ); 3513 3513 } 3514 3514